Re: Multicast Limit on 3550

From: Ashok M A (ashok_ccie@yahoo.co.in)
Date: Tue Oct 11 2005 - 06:39:13 GMT-3


Hi Bob,

Thanks a lot for the mail. Please see my comments
inline.

--- Bob Sinclair <bob@bobsinclair.net> wrote:

> Ashok,
>
> There are two issues here. Perhaps we can sort them
> out separately.
>
> Issue one: Does disabling igmp snooping on a vlan
> prevent the switch from associating an IP mac
> address with the port outgoing to an attached
> client?
>
> To answer this question:
> 1. disable igmp snooping for the vlan
> 2. issue a join-group command on a router interface
> directly connected to a switch.
> 3. Wait a few minutes. On the switch, issue the
> command; sh mac-address-table multicast
> igmp-snooping. You should NOT see any 01-00-5e
> addresses associated with ports outgoing to the
> attached client. If you do, something is not right.
> Try this with snooping enabled and with snooping
> disabled. You should see a difference.
~~~~~~~~~~~
Ashok:

I created the scenarios as per your mail and it worked
as per your mail.
~~~~~~~~~~~
>
> Issue two: IF igmp-snooping is disabled for a vlan,
> AND an IP multicast mac address is statically
> associated with a port in that vlan, THEN clients
> connected to that switch on OTHER ports should not
> receive the multicast.
~~~~~~~~~~
Ashok:

I could see that if I disable igmp-snooping for the
vlan and configure static mac entry for a particular
multicast group ONLY the member (configured with the
static mac address entry) hears the data.

For all other multicast groups (except for the
multicast mac address configured manually on the
switch ) it will be a flooding of data and heard by
all the members of the group.

IGMP snooping does NOT prevent the member sending the
(*,G) towards the RP. Disabling igmp snooping and
creating static multicast mac entry ONLY affects the
data to be received by the hosts.
~~~~~~~~~~
>
> Ashok, please try to tease these issues out
> separately. The basic idea is this: switches flood
> multicast because they have not associated the
> multicast mac address with any port. If you
> statically associate the mac address with a port,
> the switch will not flood it. If IGMP snooping is
> disabled, then other ports cannot be associated with
> that MAC, and do not receive it. Works for me.
>
> Please show which port on SW2 R8 is connected to,
> its configuration, and MAC table entries associated
> with that port.

~~~~~~~~
Ashok:
Config info..

R7#sh ru int e0
Building configuration...

Current configuration : 154 bytes
!
interface Ethernet0
 ip address 22.22.22.7 255.255.255.0
 ip igmp join-group 224.1.1.2
 ip igmp join-group 224.1.1.8
 ip igmp join-group 224.1.1.7
end

R7#

R8#sri e0
Building configuration...

Current configuration : 124 bytes
!
interface Ethernet0
 ip address 22.22.22.8 255.255.255.0
 ip igmp join-group 224.1.1.2
 ip igmp join-group 224.1.1.8
end

R8#

without IGMP snooping:

R7#
1w6d: ICMP: echo reply sent, src 22.22.22.7, dst
20.1.1.254
1w6d: ICMP: echo reply sent, src 22.22.22.7, dst
20.1.1.254
R7#

R8#
3d12h: ICMP: echo reply sent, src 22.22.22.8, dst
20.1.1.254
3d12h: ICMP: echo reply sent, src 22.22.22.8, dst
20.1.1.2

Disabling IGMP snooping and static entry for
224.1.1.2:

SW2(config)#mac-address-table static 0100.5e01.0102 vlan 1 interface g0/8

R1#ping 224.1.1.2

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.1.1.2, timeout
is 2 seconds:

Reply to request 0 from 22.22.22.8, 120 ms
Reply to request 0 from 22.22.22.8, 144 ms
R1#

R7#
R7# <nothing here>
R7#

R8#
3d12h: ICMP: echo reply sent, src 22.22.22.8, dst
20.1.1.254
3d12h: ICMP: echo reply sent, src 22.22.22.8, dst
20.1.1.254
R8#

For other groups with no static entry and no IGMP
snooping:

R1#ping 224.1.1.8

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.1.1.8, timeout
is 2 seconds:

Reply to request 0 from 22.22.22.8, 196 ms
Reply to request 0 from 22.22.22.7, 292 ms
Reply to request 0 from 22.22.22.8, 280 ms
Reply to request 0 from 22.22.22.7, 212 ms
R1#

R7#
1w6d: ICMP: echo reply sent, src 22.22.22.7, dst
30.1.1.254
1w6d: ICMP: echo reply sent, src 22.22.22.7, dst
30.1.1.254
R7#

3d12h: ICMP: echo reply sent, src 22.22.22.8, dst
30.1.1.254
3d12h: ICMP: echo reply sent, src 22.22.22.8, dst
30.1.1.254
#
~~~~~~~~

Thank you very much..

Correct me if I am wrong somewhere..

-Ashok

>
> HTH,
>
> Bob Sinclair
> CCIE #10427, CCSI 30427, CISSP
> www.netmasterclass.net
>
> ----- Original Message -----
> From: Ashok M A
> To: Bob Sinclair ; gladston@br.ibm.com ;
> ccielab@groupstudy.com
> Sent: Monday, October 10, 2005 1:54 PM
> Subject: Re: Multicast Limit on 3550
>
>
> Hi Bob,
>
> Here is the config and more information:
>
> Switch
> ~~~~~~
> SW2#sh ip igmp snooping vlan 1
> Global IGMP Snooping configuration:
> -----------------------------------
> IGMP snooping : Enabled
> IGMPv3 snooping (minimal) : Enabled
> Report suppression : Enabled
> TCN solicit query : Disabled
> TCN flood query count : 2
>
> Vlan 1:
> --------
> IGMP snooping : Disabled
> Immediate leave : Disabled
> Multicast router learning mode : pim-dvmrp
> Source only learning age timer : 10
>
>
> SW2#show run | inc mac-address
> mac-address-table static 0100.5e01.0102 vlan 1 interface GigabitEthernet0/8
> SW2#
> ~~~~~~
>
> R8#show run int e0
> Building configuration...
>
> Current configuration : 124 bytes
> !
> interface Ethernet0
> ip address 22.22.22.8 255.255.255.0
> ip igmp join-group 224.1.1.2
> ip igmp join-group 224.1.1.8
> end
>
> R8#
> ~~~~~
>
> In the above config I disabled snooping and gave
> static mac-address for 224.1.1.2 group. With this I
> should not be able to ping 224.1.1.8 address.
>
> Test result is as follows:
> ~~~~
> R1#ping 224.1.1.8
>
> Type escape sequence to abort.
> Sending 1, 100-byte ICMP Echos to 224.1.1.8,
> timeout
> is 2 seconds:
>
> Reply to request 0 from 22.22.22.8, 240 ms
> Reply to request 0 from 22.22.22.8, 320 ms
> R1#ping 224.1.1.2
>
> Type escape sequence to abort.
> Sending 1, 100-byte ICMP Echos to 224.1.1.2,
> timeout
> is 2 seconds:
>
> Reply to request 0 from 22.22.22.8, 236 ms
> Reply to request 0 from 22.22.22.8, 312 ms
> R1#
> ~~~~~
>
> But if I now change the static mac address entry, for
> example to port g0/9, it will be getting dropped.
>
> ~~~~
> on switch:
>
> mac-address-table static 0100.5e01.0102 vlan 1 interface GigabitEthernet0/9
>
> R1#ping 224.1.1.2 repeat 2
>
> Type escape sequence to abort.
> Sending 2, 100-byte ICMP Echos to 224.1.1.2,
> timeout
> is 2 seconds:
> ..
> R1#
> R1#
> R1#ping 224.1.1.8 repeat 2
>
> Type escape sequence to abort.
> Sending 2, 100-byte ICMP Echos to 224.1.1.8,
> timeout
> is 2 seconds:
>
> Reply to request 0 from 22.22.22.8, 76 ms
> Reply to request 0 from 22.22.22.8, 92 ms
> Reply to request 1 from 22.22.22.8, 80 ms
> Reply to request 1 from 22.22.22.8, 92 ms
> R1#
> ~~~~~~~
>
> Thanks,
> Ashok
>
>
> --- Bob Sinclair <bob@bobsinclair.net> wrote:
>
> > Ashok,
> >
> > To confirm my understanding; are you saying that
> > when you disable igmp snooping for a vlan, that the
> > switch still dynamically assigns multicast addresses
> > to ports based on the reception of IGMP membership
> > reports from directly attached clients? This is not
> > the behavior I would expect. Could you post some
> > show commands?
> >
> > Bob Sinclair
> > CCIE #10427, CCSI 30427, CISSP
> > www.netmasterclass.net
> >
> > ----- Original Message -----
> > From: Ashok M A
> > To: bsinclair@netmasterclass.net ;
> > gladston@br.ibm.com ; ccielab@groupstudy.com
> > Sent: Monday, October 10, 2005 12:57 PM
> > Subject: RE: Multicast Limit on 3550
> >
> >
> > Hi Bob,
> >
> > I tried your solution given below and it doesn't seem
> > to work:
> > ~~~~
> > no ip igmp snooping vlan 1
>
=== message truncated ===
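
An added example, not part of the original thread: a small Python model of the behaviour the messages above describe, with IGMP snooping disabled on the VLAN, so a static multicast MAC entry pins a group to one port while every other group is flooded. It goes slightly beyond the thread by showing that the IP-to-MAC mapping keeps only the low 23 bits, so a static entry for 0100.5e01.0102 also pins other groups that share that MAC (239.1.1.2 here). Assumptions: R8 sits on g0/8 as the thread's results imply; the ports for R7 (g0/7) and the upstream router (g0/1) are hypothetical.

```python
import ipaddress

def group_to_mac(group):
    """IPv4 multicast group -> Ethernet MAC (01-00-5e + low 23 bits), Cisco dotted form."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not in 224.0.0.0/4")
    mac = f"{(0x01005E << 24) | (int(addr) & 0x7FFFFF):012x}"
    return ".".join(mac[i:i + 4] for i in (0, 4, 8))

# Constructed topology for VLAN 1 on SW2. g0/1 and g0/7 are assumed port names;
# g0/9 has no multicast receiver attached, as in the thread's second test.
PORT_HOSTS = {"g0/1": "upstream", "g0/7": "R7", "g0/8": "R8", "g0/9": None}

def hosts_seeing_frame(group, static_entries, ingress="g0/1"):
    """Hosts that receive a frame for `group` with IGMP snooping disabled on the VLAN."""
    mac = group_to_mac(group)
    if mac in static_entries:
        ports = {static_entries[mac]}   # known MAC: forward only to the configured port
    else:
        ports = set(PORT_HOSTS)         # unknown multicast MAC: flood the whole VLAN
    ports.discard(ingress)              # a frame is never sent back out its ingress port
    return sorted(PORT_HOSTS[p] for p in ports if PORT_HOSTS[p])

if __name__ == "__main__":
    static = {"0100.5e01.0102": "g0/8"}  # the static entry shown in the thread
    for g in ("224.1.1.2", "224.1.1.8", "239.1.1.2"):
        print(g, group_to_mac(g), hosts_seeing_frame(g, static))
```
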

                



This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:50 GMT-3